Migrate to Spring Security 6's @EnableWebSocketSecurity #20404

Open
mraible opened this issue Nov 20, 2022 · 5 comments


mraible commented Nov 20, 2022

Overview of the issue

Spring Security 6 introduces an @EnableWebSocketSecurity annotation to replace the deprecated AbstractSecurityWebSocketMessageBrokerConfigurer.

However, this annotation does not provide a way to disable CSRF for websockets.

From https://docs.spring.io/spring-security/reference/6.0/servlet/integrations/websocket.html:

NOTE: At this point, CSRF is not configurable when using @EnableWebSocketSecurity, though this will likely be added in a future release.

Motivation for or Use Case

We should not use deprecated classes where possible.

Reproduce the error

Generate an app with websockets and you'll see that WebsocketSecurityConfiguration extends a deprecated class. It'd be good to rename our Websocket classes to be WebSocket to be in line with Spring Security. However, it might be a pain for upgrading, so leaving the names as-is might be a good idea.

Related issues

This issue is stale because it has been open for too long without any activity.
Due to the moving nature of JHipster-generated applications, bugs can become invalid.
If this issue still applies, please comment; otherwise it will be closed in 7 days.

@atomfrede

Keep it open.


mdmm13 commented Apr 10, 2024

Is there a workaround for this that does not involve using the deprecated MessageSecurityMetadataSourceRegistry?


github-actions bot commented Oct 8, 2024

This issue is stale because it has been open for too long without any activity.
Due to the moving nature of JHipster-generated applications, bugs can become invalid.
If this issue still applies, please comment; otherwise it will be closed in 7 days.

@ByungJun25

FYI: @mdmm13 Hi, I found an issue showing a workaround. spring-projects/spring-security#12378 (comment) and spring-projects/spring-security#13640
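
The migration described in the opening post, shown as an added example (not JHipster's generated code and not taken from the linked Spring Security issues): the deprecated base class with its `sameOriginDisabled()` hook next to the `@EnableWebSocketSecurity` form, which has no such hook. The destinations, role names, the outer class name and the `WebSocketSecurityConfig` name are assumptions made for illustration.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.messaging.Message;
import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry;
import org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer;
import org.springframework.security.config.annotation.web.socket.EnableWebSocketSecurity;
import org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager;

public class WebSocketSecurityMigrationExample {

    // BEFORE: the deprecated base class. Left without @Configuration so that
    // only the new-style class below is registered when this file is scanned.
    @SuppressWarnings("deprecation")
    static class WebsocketSecurityConfiguration extends AbstractSecurityWebSocketMessageBrokerConfigurer {

        @Override
        protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) {
            messages
                .nullDestMatcher().authenticated()                    // frames without a destination, e.g. CONNECT
                .simpDestMatchers("/topic/admin/**").hasRole("ADMIN") // constructed destination
                .simpDestMatchers("/topic/**").authenticated()        // constructed destination
                .anyMessage().denyAll();                              // reject anything not matched above
        }

        // The hook that switched off the CSRF token check on CONNECT frames.
        @Override
        protected boolean sameOriginDisabled() {
            return true;
        }
    }

    // AFTER: Spring Security 6 style with the same authorization rules. There is
    // no counterpart to sameOriginDisabled(): the CSRF check on CONNECT stays on.
    @Configuration
    @EnableWebSocketSecurity
    static class WebSocketSecurityConfig {

        @Bean
        AuthorizationManager<Message<?>> messageAuthorizationManager(
                MessageMatcherDelegatingAuthorizationManager.Builder messages) {
            return messages
                .nullDestMatcher().authenticated()
                .simpDestMatchers("/topic/admin/**").hasRole("ADMIN")
                .simpDestMatchers("/topic/**").authenticated()
                .anyMessage().denyAll()
                .build();
        }
    }
}
```

With the annotation-based form, a STOMP client has to send the CSRF token as a header on its CONNECT frame, because the check cannot be turned off there.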
